Comments on: Exchange 2007 Provisioning http://www.wapshere.com/missmiis/exchange-2007-provisioning Adventures in identity management Tue, 07 Feb 2012 08:24:49 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Carol http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-138 Carol Thu, 13 May 2010 20:31:07 +0000 http://www.wapshere.com/missmiis/?p=198#comment-138 Good to hear you solved it! Good to hear you solved it!

]]> By: Will http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-137 Will Thu, 13 May 2010 20:05:50 +0000 http://www.wapshere.com/missmiis/?p=198#comment-137 Carol, Resolved the issue... I thought I had set the domain controller to use on the AD MA but I did not or it was unchecked somehow... Anyway, found that and set it and all is working. Carol,
Resolved the issue… I thought I had set the domain controller to use on the AD MA but I did not or it was unchecked somehow… Anyway, found that and set it and all is working.

]]> By: Will http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-136 Will Thu, 13 May 2010 18:25:16 +0000 http://www.wapshere.com/missmiis/?p=198#comment-136 Hi Carol, Thanks for the quick reply... I was leaning that direction too. A bit of information I left off the original post is that the homeMDB of existing users is the same as what I am flowing so that substantiates what our instincts are telling us... Do you know of a permissions document for a forest/child domain setup? The architecture is like this: Root (forest) Domain (abcd.com) (Exchange) | | (disjointed namespace) | Child (tree) Domain (wxyz.com) (ILM) Again, thanks for the help... Your site has provided awesome guidance and been a tremendous help to me on my project. I will definitly update you to the resolution when I find it. Hi Carol,

Thanks for the quick reply… I was leaning that direction too. A bit of information I left off the original post is that the homeMDB of existing users is the same as what I am flowing so that substantiates what our instincts are telling us… Do you know of a permissions document for a forest/child domain setup? The architecture is like this:

Root (forest) Domain (abcd.com)
(Exchange)
|
| (disjointed namespace)
|
Child (tree) Domain (wxyz.com)
(ILM)

Again, thanks for the help… Your site has provided awesome guidance and been a tremendous help to me on my project. I will definitly update you to the resolution when I find it.

]]> By: Carol http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-135 Carol Thu, 13 May 2010 17:22:12 +0000 http://www.wapshere.com/missmiis/?p=198#comment-135 Hi Will. I haven't had to flow those three attributes seperately. The error you've seen running set-mailbox is most likely the same problem being experienced by ILM, so you should focus your efforts there. I have seen a similar error once before, and it was due to a permissions error in the Configuration part of AD - but we were seeing other Exchange problems as well, so I don't think that's your exact problem, however I do think permissions is the most likely cause. Hi Will.

I haven’t had to flow those three attributes seperately. The error you’ve seen running set-mailbox is most likely the same problem being experienced by ILM, so you should focus your efforts there. I have seen a similar error once before, and it was due to a permissions error in the Configuration part of AD – but we were seeing other Exchange problems as well, so I don’t think that’s your exact problem, however I do think permissions is the most likely cause.

]]> By: Will http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-134 Will Thu, 13 May 2010 16:55:41 +0000 http://www.wapshere.com/missmiis/?p=198#comment-134 Wondering if anyone has seen and had to deal with this before... Background ILM 2007 FP1 Exchange 2007 provisioning. Single forest with multiple trees (disjointed namespace). ILM service account has Replicate Directory Changes (at my domain level), rights to create, delete and modify objects (at my domain level) and is a memeber of the Exchange Recipeint Administrators group (at the forest domain level). The Exchange environment was upgraded from EXchange 2003 to Exchange 2007. I have Exchange 2007 SP2 Management Tools and PowerShell v 1.0 installed on my ILM server. Situation Exchange 2007 provisioning works kinda. I can create mailboxes, contacts and mail enabled users. ILM Exchange provisioning when creating mailboxes is creating "Legacy Mailboxes" instead of "User Mailboxes". Looking into what constitutes a Legacy Mailbox in Exchange 2007 I find that 3 attributes are not being set during provisioning. The 3 attributes are msExchVersion, msExchRecipientDisplayType and msExchRecipientTypeDetails. Manually setting these attributes does change the mailbox from Legacy Mailbox to User Mailbox. User Mailbox is desired state because of the version of OWA. I did not experience this in my testing environment and my test environment is not replica of production because of the size of production, however same versions of software were used. Additional Information I attempted running the following command: set-mailbox test.account02 -ApplyMandatoryProperties from Exchange Powershell on my ILM server. Running the command resulted in the following error: "Set-Mailbox : Could not find the default Administrative Group 'Exchange Administrative Group (FYDIBOHF23SPDLT)'." Questions Do you think this is a permissions issue? Do you think this is a software compatibility issue? Have you ever had to flow the 3 attributes identified above via ILM? Wondering if anyone has seen and had to deal with this before…

Background
ILM 2007 FP1 Exchange 2007 provisioning. Single forest with multiple trees (disjointed namespace). ILM service account has Replicate Directory Changes (at my domain level), rights to create, delete and modify objects (at my domain level) and is a memeber of the Exchange Recipeint Administrators group (at the forest domain level). The Exchange environment was upgraded from EXchange 2003 to Exchange 2007. I have Exchange 2007 SP2 Management Tools and PowerShell v 1.0 installed on my ILM server.

Situation
Exchange 2007 provisioning works kinda. I can create mailboxes, contacts and mail enabled users. ILM Exchange provisioning when creating mailboxes is creating “Legacy Mailboxes” instead of “User Mailboxes”. Looking into what constitutes a Legacy Mailbox in Exchange 2007 I find that 3 attributes are not being set during provisioning. The 3 attributes are msExchVersion, msExchRecipientDisplayType and msExchRecipientTypeDetails. Manually setting these attributes does change the mailbox from Legacy Mailbox to User Mailbox. User Mailbox is desired state because of the version of OWA. I did not experience this in my testing environment and my test environment is not replica of production because of the size of production, however same versions of software were used.

Additional Information
I attempted running the following command: set-mailbox test.account02 -ApplyMandatoryProperties from Exchange Powershell on my ILM server. Running the command resulted in the following error: “Set-Mailbox : Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.”

Questions
Do you think this is a permissions issue?
Do you think this is a software compatibility issue?
Have you ever had to flow the 3 attributes identified above via ILM?

]]> By: Carol http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-113 Carol Sat, 12 Sep 2009 06:07:24 +0000 http://www.wapshere.com/missmiis/?p=198#comment-113 I have seen this error now as it happens. It's a permissions issue. Make sure the ILM servcice account is an Exchange Recipient administrator. I have seen this error now as it happens. It’s a permissions issue. Make sure the ILM servcice account is an Exchange Recipient administrator.

]]> By: Carol http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-59 Carol Tue, 04 Nov 2008 17:11:32 +0000 http://www.wapshere.com/missmiis/?p=198#comment-59 No sorry I haven't seen that, besides someone asking about it on the ILM Forum - was that you? All I can suggest is you recheck all your settings (is Exchange 2007 provisioning ticked in the MA?) and some general troubleshooting: - What does the object look like in the connector space? - You say you can run recipient-update manually - are you using the exact same account as the MA? - Are there any errors messages on the DC you're connecting to? No sorry I haven’t seen that, besides someone asking about it on the ILM Forum – was that you? All I can suggest is you recheck all your settings (is Exchange 2007 provisioning ticked in the MA?) and some general troubleshooting:
- What does the object look like in the connector space?
- You say you can run recipient-update manually – are you using the exact same account as the MA?
- Are there any errors messages on the DC you’re connecting to?

]]> By: 10ti http://www.wapshere.com/missmiis/exchange-2007-provisioning/comment-page-1#comment-58 10ti Tue, 04 Nov 2008 16:09:31 +0000 http://www.wapshere.com/missmiis/?p=198#comment-58 Have you ever encounter this error during provisioning? Environment: ILM FP1, powershell 1.0, exchange management console, exchange rollup 4 Reading from AD and writing to other AD management agent My error: The extensible extension returned an unsupported error in MIIS. The stack trace is: "Microsoft.MetadirectoryServices.ExtensionException: Could not find the default Administrative Group 'Exchange Administrative Group (FYDIBOHF23SPDLT)'. at Exch2007Extension.Exch2007ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage) Microsoft Identity Integration Server 3.3.0118.0" For more information, see Help and Support Center at HomeMDB is correct but when ilm try to update recipient is raised that error.. Before the proviosu error there is this error in event viewer : Event Type: Error Event Source: MIIServer Event Category: None Event ID: 0 Date: 15/10/2008 Time: 15.45.32 User: N/A Computer: D1ILM Description: The description for Event ID ( 0 ) in Source ( MIIServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=ProvaILM11,OU=ILM,...(hidden)... Type: Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException Message: Could not find the default Administrative Group 'Exchange Administrative Group (FYDIBOHF23SPDLT)'. Stack Trace: at Microsoft.Exchange.Configuration.Tasks.Task.ThrowTerminatingError(Exception exception, ErrorCategory category, Object target) at Microsoft.Exchange.Configuration.Tasks.Task.ProcessUnhandledException(Exception e) at Microsoft.Exchange.Configuration.Tasks.Task.BeginProcessing() at System.Management.Automation.Cmdlet.DoBeginProcessing() at System.Management.Automation.CommandProcessorBase.DoBegin(). The user become mailbox linked correctly if launch update recipient manually....I can't understand why with ilm fp1 don't work while manually work...(homeMDB is set by Exchange.CreateMailbox()) and even when launching update from powershell i use the same attribute Thx for help. Regards Luka. Have you ever encounter this error during provisioning?

Environment:

ILM FP1, powershell 1.0, exchange management console, exchange rollup 4

Reading from AD and writing to other AD management agent

My error:

The extensible extension returned an unsupported error in MIIS.

The stack trace is:

“Microsoft.MetadirectoryServices.ExtensionException: Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.

at Exch2007Extension.Exch2007ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)

Microsoft Identity Integration Server 3.3.0118.0″

For more information, see Help and Support Center at

HomeMDB is correct but when ilm try to update recipient is raised that error..

Before the proviosu error there is this error in event viewer :

Event Type: Error
Event Source: MIIServer
Event Category: None
Event ID: 0
Date: 15/10/2008
Time: 15.45.32
User: N/A
Computer: D1ILM
Description:
The description for Event ID ( 0 ) in Source ( MIIServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event:

There is an error in Exch2007Extension AfterExportEntryToCd() function when exporting an object with DN CN=ProvaILM11,OU=ILM,…(hidden)…

Type: Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException

Message: Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.

Stack Trace: at Microsoft.Exchange.Configuration.Tasks.Task.ThrowTerminatingError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessUnhandledException(Exception e)
at Microsoft.Exchange.Configuration.Tasks.Task.BeginProcessing()
at System.Management.Automation.Cmdlet.DoBeginProcessing()
at System.Management.Automation.CommandProcessorBase.DoBegin().

The user become mailbox linked correctly if launch update recipient manually….I can’t understand why with ilm fp1 don’t work while manually work…(homeMDB is set by Exchange.CreateMailbox()) and even when launching update from powershell i use the same attribute

Thx for help.
Regards Luka.

]]>